﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

namespace iS3.Server.Core.Filter
{
    public class AuthFilterAttribute : AuthorizationFilterAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            //如果用户方位的Action带有AllowAnonymousAttribute，则不进行授权验证
            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
            {
                return;
            }
            //获取身份对应的openid
            string openid = actionContext.Request.Headers.GetValues("openid").FirstOrDefault();

            string requestUrl = actionContext.Request.RequestUri.ToString();

            //根据身份和地址判定该接口是否有调用权限
            //先留着后续开发完善

            //根据openid查询相关的权限


            //var verifyResult = actionContext.Request.Headers.Authorization != null &&  //要求请求中需要带有Authorization头
            //                   actionContext.Request.Headers.Authorization.Parameter == "123456"; //并且Authorization参数为123456则验证通过

            //if (!verifyResult)
            //{
            //    //如果验证不通过，则返回401错误，并且Body中写入错误原因
            //    actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new HttpError("Token 不正确"));
            //}
        }
    }
}
